The OPP reports that authorities were able to stop a spear phishing fraud that could have cost a Canadian business more than $615,000.
Police say that on Feb. 2, an OPP member seconded to the Canadian Anti-Fraud Centre was notified by a CAFC call-taker that a Canadian business reported spear phishing fraud.
The OPP member contacted a United States Secret Service representative about the fraud.
The Secret Service contacted the U.S. bank that received the transfer of $615,820 from the Canadian business, and the bank froze the funds.
Authorities didn't reveal where the business is located.
“As a result of the timely reporting to the CAFC, and the quick action of the members from each organization, the business is well positioned to recover the funds,” authorities said in a Feb. 26 news release.
What is spear phishing?
Spear phishing, or business email compromise fraud, occurs when fraudsters send messages to a targeted business or individual’s email account, often to the accounts payable department, the OPP says.
Fraudsters will create an email address similar to the targeted company’s email address to appear as though the email is coming from a trusted source, such as a supplier or contractor. The fraudster will request an urgent payment to an alternate bank account for an invoice that is due.
Furthermore, fraudsters may send malware. If an employee clicks on it, a rule will be created to send copies of incoming emails to one of the fraudster's email accounts. The fraudsters will collect information, study the language of their targets and look for important contacts, payments and dates so they can send convincing emails from what appears to be a trusted source.
How to protect yourself
The OPP offers the following tips to protect yourself from fraud:
• Remain current on frauds targeting businesses and educate all employees by visiting the CAFC website
• Include fraud and cyber training as part of new employees' orientation
• Avoid opening unsolicited emails or clicking on suspicious links or attachments
• Take a few seconds to hover over an email address or link and confirm that they are correct
• Restrict the amount of information shared publicly and show caution with regard to social media
• Create detailed payment procedures, including verbal authentication for any urgent requests or changes in payment details
• Create a verification step for unusual requests
• Establish procedures for identifying, managing and reporting fraud
• Keep technical security software upgraded and up to date